Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Linux Software

Crack LinuxPPC Contest Is Over 166

Posted by Roblimo
BlueVelvet writes "The crack.linuxppc.org contest is over. Due to a waste of bandwith, illegal activities, and other reasons." Get the full story here. Seems some people were trying to crack other machines on their ISP. The folks at LinuxPPC say that if you send in a workable method to get into one configured like theirs, you can still win, but please stop eating up their ISP's bandwidth with crack attempts now, okay?
This discussion has been archived. No new comments can be posted.

Crack LinuxPPC Contest Is Over More

Crack LinuxPPC Contest Is Over

Comments Filter:
  • According to the status log at crack.linuxppc.org,
    at one point (no idea how long) they were getting 417 packets/second. I can't get to the windows2000test page, but the largest published number was 200(+something smallish) packets/second. Meaning the PPC box was experiencing nearly twice the packet load.


    Or, from another standpoint, of _course_ the linuxppc site was getting more traffic, since it was available and windows2k wasn't ;)
  • If I could only be like you, I too would be cool. Seriously, don't be lame. What is you're reasoning behind continuing to crack into the box?
  • or:

    while (1) {
    fork();
    malloc(1024);
    };

    Get a fork bomb going and eat all of the ram. I know that used to screw over a box nice and good, haven't tried it on 2.2.x though.
  • We can't let MS appear to win...



    MS' Server has been down so many times that it's almost sad. Ok, well it's not even close to sad. It's hilarious. I'd say they've already lost.

    Not to mention that their pages were broken to about half the browsers from the time they started. Doesn't make them look good.

  • For single user, just set the limit to about as much memory as you have per process. Netscape used to hang my machine in thrashing. Tried something like this:
    ulimit -Hs 31000
    ulimit -Hd 63000
    when I had 32mb of ram. Netscape would crash a lot though, but at least the rest lived.

    Although, I still wonder, how would I stop one of those malloc or fork bombs. The fork bomb made my system very slow, lucky I didn't lose focus on the xterm it was running in. About how long would it take to die.
  • If it's a single user system, it's probably not a server on the public side of a firewall, where a bunch of people will be trying to trash it.


    -- Keith Moore
  • 'ulimit'. I believe it's been supported for quite a while.
  • Comment removed based on user account deletion
  • /. is not an objective source for anything. The linux bias on the part of the people who run the site and moderate and post comments is overwhelming. Basicaly the attitude is "if its not linux/OSS its CRAP"

    Anyone who reads /. on a regular basis knows this however, so we don't take the "News for nerds. Stuff that matters" thing seriously. Id like to see alot more about BeOS here too, but despite it probably being the most technicaly advanced desktop OS out there, its Not Linux, so few /.ers would care.
  • I mean not to be naive but it would have been brilliant if the kidz were following him around and he happened to have telnetted in from some place unsecure?

    But then it won't be brilliant. It would be human engineering (no security hole in Linux PPC exploited). No more than spying him when he types his password directly on the console.

    Minor point:

    I think the original poster meant "brilliant" in the British sense, that is, a synonym for "cool" or "neat-o".
  • I don't think that the slashdot community defends anything non-MS, far from it... I believe that /. tries to be objective.

    I would have to disagree with this line. Slashdot has a HUGE Linux bias. Mostly everything on this site has some tie to Linux...only occationally, do stories about things I'd rather hear about (BeOS, MacOS) peek out. Although Linux is good, I would hardly call the reporting on Slashdot objective.
    --------------------------
  • So they crashed and instead of giving away the machine they ended the contest. That memory exhaustion crash bug has been around for over a year. Any Linux box can be crashed easily by exhausting its memory repeatedly.
  • Okay, so who do you give the box to?
  • Fork bombs will slow things down a great deal, but I've never known them to actually kill the kernel. It will make things crawl though :-)

    As soon as the process table for that user fills up, nothing more can spawn (until you start killing of course). I think the process table size per user is something like 1024. You can change this in (I think) limits.h in the kernel source.

    -scott__
  • Comment removed based on user account deletion
  • In a perfect world, Linux wouldn't crash when it runs of memory/swap. Unfortunately, there are (some) bugs in the Linux 2.2.x kernel where developers forget to check for memory allocation failures. For example, many device drivers call kmalloc() or get_free_page() without checking whether the returned pointer is NULL. These functions can return NULL, but will only do so under extreme stress. If these unchecked NULL pointers are used in the code, then BOOM!! I've reported these bugs to their owners. Alan Cox fixed a bunch for Linux 2.2.11, but some other developers didn't care, claiming the kmalloc() would "never" return NULL. If Linux is going to be taken seriously as an "enterprise-ready" OS, can Linux developers really have such a not-my-problem attitude to bugs?

    BTW, I've scanned the FreeBSD 3.1 source code with the same lint script and found ZERO unchecked malloc() calls. Linux 2.2.10 had a couple dozen...
  • They really should have controlled the experiment better then shouldn't they? Perhaps isolating the box off their (critical) network, or limiting it's intranet connectivity to other, non-critical machines? Yes it seems simplistic, but then maybe they'd have gotten better results, less troubles and slightly less egg on their faces!
  • I once did a fork bomb that was a shell script that called itself twice on a friends box. Either it crashed, or it was slowed down so much that its state was indistinguishable from a hardlock. The owner of the box had to hard reboot it, couldnt log in from anywhere. I guess this sort of fork bomb would essentially be a memory gobbling fork bomb like someone else described since each execution of the script uses 300k (at least on my alpha unix box that I'm sitting at) or so for bash.
  • Not to mention this cult of personality that everyone here seems to have built up around Linus Torvalds. To read the posts, you'd think "Linus" (what, everyone's on a first-name basis with somebody they've never met?) is every /.er's best friend, favorite uncle, and the Messiah to boot.

  • Anyone noticed that he telnetted into the box to do the update? Did anyone snag the password?? Its not entirely surprising that people are trying to grab upstream boxes ..

    -avi
  • So what's with www.windows2000test.com? I haven't been able to get there for a week. Did they give up? I live just north of Seattle so I know it isn't the weather this time....
    ---
    Put Hemos through English 101!
    "An armed society is a polite society" -- Robert Heinlein
  • hehehe...nice one dude.

    Perhaps that's the Micro$oft security strategy - if you can't connect to the box you can't crack it - you can't get more secure than that!

    ;)

  • Err wouldn't it also depend on where he was telnetting from? I mean not to be naive but it would have been brilliant if the kidz were following him around and he happened to have telnetted in from some place unsecure?

  • Why do people think this means that "Windows wins?" The LinuxPPC Contest was launched as a response to the NT 2000 site being put online, but I don't recall Microsoft or anybody at all, actually, setting it up as a formal challange.

    It seemed to me more of a "me-too" effort on the part of the LinuxPPC site. Does anybody know of any way at all that Microsoft even acknowledged there was a 'contest' taking place?
  • PPC was up during a period when Win went down several times. The stats are about equal.

    PPC comment for 8/5
    18:58 CST: Averaging 437.46 packets per second(tcpdump)


    Windows:
    Perfmon info from 8/5/99 4:00pm
    Datagrams Received/sec Avg: 326
    Fragments Received/secAvg: 104
    Total Fragment Reassembly Errors1574000 in the last 3 hours
    Connections/sec Avg: 100
    % Processor Time Avg: 20
    Memory use steady at about 113264K

  • Right on. A thoughtful, reasonable and informational post. Thanks guy/gal whoever you are.

    It's good to see there are still people who have their wits at the same time they have something worth saying. I'd almost begun to think they were mutually exclusive. ;-)

    cheers,

    -matt
  • > No "NT defender" has the same motivation as many of the cult-memberish Linux community. Trying to pretend so is ridiculous.

    You need to get on over to comp.os.linux.advocacy and count the full-time (and I do mean full time) NT advocates that have set up camp for trolling and laying turf. You might learn that NT, like Linux, Amiga, OS/2, and the Mac, has extremists among its "defenders".

    Trying to pretend otherwise is ridiculous.

    ps -- Didja hear today's news that a Micorsoft employee got caught red-handed in a bit of anti-AOL astroturfing? I reckon not, or you wouldn't be saying that no NT advocates have "cult-memberish" motivations.

  • And if the driver doesn't do this already?

    Or if the driver's memory needs are not known ahead of time, or are large enough to not be acceptable--especially if they're (relatively) large areas of memory below 16M (for ISA DMA...)?
  • Yeah, well, www.windows2000test.com was st00pid first. :)
  • you know in some kind of ironic way this troll is half-right...

  • After the first day or so (once everyone started finding out about the box), the Win2K status page reported frequently receiving over 6000 frames/sec (> 7000 datagrams/sec). The highest packets/sec that I see reported on the LinuxPPC status page is about 556. I'm not sure what number you're referring to on the Win2K status logs.

    Seeing as the LinuxPPC group dropped out of the competition, blaming it on attacks upon other computers, while we haven't seen any such whines from the Win2K group (as if the Win2K box attackers haven't been trying the same tricks), I'm not at all convinced that the LinuxPPC box could've stood up to the attacks that the Win2K box has received. Did any but the most wacked-out zealots really believe that people would go after the Linux box the hardest?

    For the Linux zealots: I hope every name that you were prepared to call the Win2K team had they dropped out, will now be applied to the LinuxPPC team. Quitters, babies, whatever. C'mmmmon, don't tell me you wouldn't have. Just look at all the yahoos who just about wet their pants just because someone toyed with the JavaScript in their Win2K guestbook posts.

    Cheers,
    ZicoKnows@hotmail.com

  • On the other hand, the Windows 2000 box might have crashed after receiving 200+ packets/second, and never had a chance to go up to 417 packets/second.

    Wish we could know exactly what's happening, but MS is trying to spin this, not really gain anything from it.
  • "After the first day or so (once everyone started finding out about the box), the Win2K status page reported frequently receiving over 6000 frames/sec (> 7000 datagrams/sec)."

    When did the box get this? It was down more than it was up as far as anyone could tell.

    "while we haven't seen any such whines from the Win2K group (as if the Win2K box attackers haven't been trying the same tricks)"

    No, they just blamed their downtime on the weather and power outages and the like. Can Microsoft really not afford a UPS? Besides, their complaints weren't nearly so much about their network being hurt as their net connection being flooded. Just a guess but linuxppc.org does have their bandwidth for something else than just to have it flooded. If you read the complaints, one of them was that other machines were getting obthered, true, but the biggest was that their network connection was so saturated that they couldn't do anything over it. That has nothing to do with the box involved, it has to do with the bandwidth that they can afford.

    "I'm not at all convinced that the LinuxPPC box could've stood up to the attacks that the Win2K box has received."

    Maybe, maybe not. They'd need a much bigger network connection to find out, which I doubt that they can afford. Either way, the linuxppc box was much smaller than the W2k box.

    "I hope every name that you were prepared to call the Win2K team had they dropped out, will now be applied to the LinuxPPC team."

    Since you don't seem to have read the article, I'll reiterate what it said. The contest is still going. If you can provide a workable crack into a similarly configured system, you still get the box. They just want their network connection back. As they mentioned, Microsoft can't do that, as W2K isn't purchaseable yet.

    Oh, and the linuxppc people never lied about anything going on. I'm curious, while the windows2000text box was being killed by the weather and power outages, was www.microsoft.com also down? If not, why not? Couldn't they afford to put the box on a UPS?
  • > Seeing as the LinuxPPC group dropped out of the competition, blaming it on attacks upon other computers, while we haven't seen any such whines from the Win2K group

    Te he. They just blamed their problems on lightning, routers, etc.


    > Did any but the most wacked-out zealots really believe that people would go after the Linux box the hardest?

    Well, uh, yes. Crack crack win crack. Crack win win zip.

    And don't you recon that the hordes of MS defenders on this planet might have felt some motivation to crack crack, if only to prove to the world that NT doesn't really stink as bad as its odor would lead one to believe?


    > I hope every name that you were prepared to call the Win2K team had they dropped out, will now be applied to the LinuxPPC team

    Why? They made their point within a day; everything since then has been nothing more than rubbing your nose in it. Which probably explains the hostility in your post.

    And what's the Micorsoft team going to do now? Leave theirs running until it has crashed as few times as crack did?

    Get a life -- and a real operating system.

  • Probably for the Mindcruft benchmarks. Stability wasn't an issue then.

    Ooops.

  • For Redhat linux (5 and above?) It's set down too 256.

  • Re:Well DUH! What did you expect? (Score:1)

    by Anonymous Coward
    Kiddiez flood the win2k box and everyone marks it up to Microsoft is screwed up. Then the Linux box gets hit with the same thing, and ppl whine about it. At least be consistent. The Linux box hung once and ran out of RAM once while dealing with 1/10 the bandwidth the MS box is dealing with. If you really want to brag, sit a Linux box on a T3, then stand up to the same firestorm. Not saying that it would or wouldn't do better, but that if you want a fair contest, then handle the same loads.
  • Use ulimit in /etc/profile and limit each user to a sane number of processes. I set mine to 128. Ran a forkbomb, and the box slowed down quite a bit (processor spiked...hehe) but I was able to kill off the offender and things came back down to normal.
  • > Slashdot has a HUGE Linux bias.

    I dunno about that. There have been a mighty lot of pro-MS posts here for the last month or so. It smacks of astroturfing, IMO.

  • I mean, Since the machine is offline because it crashes half the time, it cannot be accessed globally, therefore higher security.

    Instead of "Security through obscurity", it's "Security through instability"?
  • just /.ed. Ever since that bit about the Kansas board of education (broke Hellmouth's record!) it's been slow, but not down. I can't guaruntee that it was up yesterday (the 11th) but it was up whenever I tried this morning (the 12th). It was r*e*a*l*l*y slow, but still up. The Kansas story went up at ~7pm the 11th, so that seems to be a good explination.
  • One attack succeeded in hanging the box, but the guru's were off a linux world.

    and then the ISP turned on the firewall.
  • i am on the same isp as crack.linuxppc.org and i was getting nailed with all kinds of stupid attacks. they must have scanned the entire execpc class b subnet. I had tons of telnet requests into my server and someone successfuly crashed my win 98 machine (yea i know its sucks) many many times (DoS attacks and nukes).
  • if(crash==crack){
    I.eat(My.shorts);
    Win2k = cracked;
    }
  • What better way to make the most secure Operating System than to test a beta openly against being cracked! And trust me, they have no problem holding back the release of Windows 2000 until *every problem is fixed*. They might just do it this time; creating a really good operating system.

    There will always be problems, of course. But what they are fixing happen to be what Linux has been known to be good at. First speed with the benchmarking fiasco. And now security. Linux has to be a big threat in their eyes. I wonder what they are going to come up with next?

    I don't think Linux is going to become more than a cheap viable alternative as a servor OS for some time. I am looking forward to what I like to call "wave 2" when Linux or another free and open OS takes not the servor, but the desktop.

    Mark my words.

    --

  • no kidding.. god i was getting all kinds of attacks and crap. My connection was slowing down and i usually go pretty fast here. execpc should have the bandwidth to keep something like this up and running. im kind of dissappointed after seeing that they were being almost demanded to stop by execpc.
  • On the other hand, this could be because enthusiasm about DoSing it seems to have decreased. Now hopefully it will stay up long enough for intelligent attacks to have a chance.

    I might have to change my opinion about the whole thing. It might actually have been a not-so-bad thing for MS to put this server up. If they can use this to find better ways to code NT and to choose some defaults that keep the system more stable, more power to them.

    One of the big deals about the LinuxPPC system was that it was really secure by default. I think MS is trying to get Win2k more secure on initial install (to get any kind of security out of NT4, you have to change a bunch of config settings) - at least that was one of their selling points for Win2k. As far as that goes, this is probably the best thing they could have done. I'm sure Win2k won't be as stable as Linux, but this is a good step in the right direction.

    Then again, it would be nice to be able to like the company that you are making rich. I know that I really have a lot of problems with Microsoft as a company. But I do want their products to improve, since I'll have to live and work with them, like them or not.
  • >>Ooooh! What a great idea! A PowerPC version on an Intel box. Hmmmmm....

    Right after that I'm going to run out and try to install W2K on an iMac. =D

    AFAIK, the latter's supposed to be already possible, given that w2k is released, and you're running Virtual PC... So you might be able to do the latter first.
  • So you reported the bugs to the owners, and you know enough about what you're looking for to find them.

    Why didn't you go ahead and fix them then? If there's only a dozen or two, why not fix the ones in the drivers that aren't getting fixed? Just because someone else wrote it doesn't mean you can't fix it.
  • Yeah, out of ram is not the machine. How come you defend anything non-MS, but if MS has the exact same thing it's bad. Selective hatred huh?

    I wouldn't go so far as to say that running out of ram is not a problem. I think that there is something that most people are missing in this whole thing.

    Computers, by their nature, are unstable. There are just to many variables involved to have a computer with no problems. So I am not surprised when computers crash and stuff. That's just something that has to be dealt with. The solution is to reduce the crashes to a minimum.

    You can't say, well, neether OS is any good because they both crashed. You have to look at the overall status of how the OS works. LinuxPPC went about a whole week before crashing. W2K went for how many hours? If I am going to set up a web server I will not look at them both and say, "Well, they both crashed, I guess I'll not use either." Instead I'll be using the one that has the most uptime. That's what counts. It not as important as how many times it crashes, but how long it's up. And that's why I advocate Linux, even when it crashes occasionally.

    -Brent
  • Yeah, out of ram is not the machine. How come you defend anything non-MS, but if MS has the exact same thing it's bad. Selective hatred huh?

    I wouldn't go so far as to say that running out of ram is not a problem with Linux. I think that there is something that most people are missing in this whole thing.

    Computers, by their nature, are unstable. There are just to many variables involved to have a computer with no problems. So I am not surprised when computers crash and stuff. That's just something that has to be dealt with. The solution is to reduce the crashes to a minimum.

    You can't say, well, neether OS is any good because they both crashed. You have to look at the overall status of how the OS works. LinuxPPC went about a whole week before crashing. W2K went for how many hours? If I am going to set up a web server I will not look at them both and say, "Well, they both crashed, I guess I'll not use either." Instead I'll be using the one that has the most uptime. That's what counts. It not as important as how many times it crashes, but how long it's up. And that's why I advocate Linux, even when it crashes occasionally.

    -Brent
  • >If you put LinuxPPC on a P2 450 though...

    Ooooh! What a great idea! A PowerPC version on an Intel box. Hmmmmm....

    Right after that I'm going to run out and try to install W2K on an iMac. =D

  • Posted by Synsthe:

    *sigh* Silly troll.

    Linux couldn't handle it? It had nothing to do with Linux. Their bandwidth was dead. The linux box crashed a whole once due to not being allocated proper memory for such a task.

    Meanwhile windows2000test.com has been down as much as linuxppc up, and up as much as linuxppc was down.

    So I think if you believe this declares Windows the winner, that you need to get your eyes checked. Either that, or it means the frontal lobotomy was succesful.

    Neither won. It wasn't a contest to see which would last longest. It was a contest to see if you could crack into the box. Since windows has been down, nobody has been able to crack it. Since immature folks (yourself included?) couldn't handle the contest at linuxppc, it has been taken to a new playing ground.

    --
    Mark Waterous (mark@projectlinux.org)
  • I wonder how many of those DoS packets were from GetAdmin et al... (a WinNT cracker, for those who don't know).

    SOunded like the last time someone setup a "crack the Mac" contest - people used GetAdmin (!) on it.
  • Blah.. You set out to show that a default install of Linux PPC is secure.. considering the number of script kiddies you got throwing every useless thing at it, I'd say it is. Big deal, default installs have been externally "secure" for years. The most machines get broken into because they are incorrectly configured or they are access remotely with authorization passed in the clear. Sniffing is the way crackers get through external security and once inside is where the default install becomes an issue. When you propose a challenge like this you have to state that you are seeking a penetration test. You want the external security tested, not your access policies.
  • Do any of us still really care enough about Microsoft??? Who cares what they win... A spot that says they crashed the most and they keep their server up longer so it could crash more? they might even have the last laugh that they could put the $$$ into affording the bandwith and the idiotic users trying to get into other systems. The thing that PO's me the most is that Linux PPC promised a computer to AbiSource, and used that same computer to give to a security assurance test... AbiSource right now is one of the closest buisiness models following Free Software or OSS. Give them the F***ing computer. Don't list it as one of the big reasons to stop the "contest." Power PPC in my book has fallen prey to the same PR that MS uses.


    JS
  • I'd hate to have an IP anywhere close to the Windows2000 crack(rock) site. In fact I'd hate to have anything within a class b range. God knows how many kiddies are doing batch port scans looking for god-knows-what. Seems like 'hacking' has changed its definition once again from systematically attacking a problem using logic to massivly attacking it with a sledgehammer.

    BortBox
  • I wouldn't exactly call slashdot objective on the matter of Linux vs. MS, but anyone who chooses to defend MS on this point is... rediculous is too weak a work, but I can't think of a better one. There are points that MS could successfully claim to do better than Linux. This one is so much tilted the other way that it's embarassing.
  • What would be better would be if Microsoft listened to the bug reports it got after it released it. Better yet would be to release source in the interests of security but that's never gunna happen. I feel justified in comparing a "come and crack us" security test against an operating system that we havn't even seen the asm code for, let alone the source code, to a "crack this encryption" snake oil scam. You prove little in either case.
  • I can't get to www.windows2000test.com to test this, but given the conversation on the group, the w2k box has a guestbook running that doesn't check for javascript. As the W2K test box doesn't have any remote admin stuff running (or so we're told), at some point, SOMEONE at the w2k test box will look at their guestbook whilst sitting at the console.
    So, asking as a person who hates Javash^Hcript with a passion, how easy would it be to write a JScript that installs back orifice whenever the IP of the reader matches the IP of w2ktest.com? You can NOT look me in the face and tell me there's no IE bug that will let it remotely execute a BO2K installer....

    -Lx?
  • getadmin. the eEye IIS buffer overrun. the IIS ftp server buffer overrun. etc. All clearly cases of misconfiguration; The admin configured the machine with NT and not a secure OS.
  • It's people being jackasses and ping flooding, smurfing, etc.. the box itself and others on the network.

    A little clue here: You can't break into the box with ping -f, people.
  • Yet Another Example of how stupidity, immaturity and a lack of respect ruins a good thing (tm).

    Its ironic that anyone who contributed to the problems outline on crack.linuxppc.org contributed nothing at all. And probably never does.

  • Get real. The Linux machine crashes once over the course of like six days, as compared to a windows machine that's been down so many times that I only managed to get onto it for the first time about to hours ago. So windows, with all it's stability problems, suddenly 'wins' because Linux isn't perfect? What kind of logic is that? It's questionable as to whether the one crash Linux did experience is the fault of the OS, or the operator who thought that less than 2x RAM as swap would be enough. They only discontinued the contest because they were tired of the idiots who thought that DoS attacks would somehow allow them to crack the server.
  • I thought people specialized in this sort of thing, cracking and all that. Guess that stuff only happens in 'Hacker Crackdown' books. One could of course assume such a "high profile" target would shunned by the highly skilled, anonimity-craving Cracker Elite, but I'd be tempted to say 6u115h1t on that!

  • too many stupid people in the world,
    so little napalm.

    Both challenges were pretty stupid attention getting stunts. We know web servers crash when everyone on /. follows a link. What happens if .01% of /. decides to packet flood, DNS spoof and otherwise attack whole segments of the net?

    Bad metaphor:
    They tried to invite the world to come party in a one horse salon at the end of a dirt road.

    As linuxppc says on their sight legitimate hack attempts were not possible due to the large packet loss caused by the high traffic.

    It stayed up under large traffic, that was good.

    Maybe Microsoft can afford the support to keep their network running. Hopefully the whole thing will quietly go away. It was a good load test for both systems. Not a good security test.

  • Windows 2000 Is more Secure than Linux (Score:1)

    by Anonymous Coward
    I mean, Since the machine is offline because it crashes half the time, it cannot be accessed globally, therefore higher security. Something MS should consider in their promotion Documation. Higher Security: Windows 2000 has much higher security than previous versions. When Windows 2000 detects a Security attack in progress, It produces a Blue Screen Stop Error, Effectively halting the Hacker and protecting your vital files from harm.
  • Have you posted these problems to linux-kernel@vger.rutgers.edu? Public humiliation may take the place of conscience some times. :-)
  • if (malloc returned 0) then do ... what? For this particular state of processing on this particular peripheral? How do you back out the part of the activity you've already done in such a way as to minimally impact further processing, when you don't understand the driver?

    Just because you can write the error detection into almost any code doesn't mean that you can determine or implement a correct response to that error condition with that same lack of knowlege.
  • >So they crashed and instead of giving away the machine they ended the contest.

    Didn't you even READ their statement? If you can crack into an identically configed box, you still win it.

    LK
  • Well, since their ISP appears to have been the deciding party, I don't find you argument convincing. Perhaps they should have cleared this with the ISP before initiating the challenge.

    It's not too surprising that the W2K machine is now more stable, since reports had it as being unusably unstable. OTOH, I haven't been following this, so I don't know what more stable means. It's truely strange that they would put an alpha version of their program up for a public test, yet with all of the down time it surely can't be considered to be beta software yet.

  • Re:"improved" (Score:1)

    by Anonymous Coward
    Uhh, no. Mindcraft and ZDNET were both run against NT4 SP4. No matter. The fact is that the core memory architectures of NT and Unix are so different that the performance hack which is causing trouble for W2K couldn't possibly arise in a Unix-based TCPIP stack.

    I don't know if anybody else saw it, but crack.LinuxPPC.org leaked memory, too. If I were MS, I'd be cackling with glee, planning a PR blitz alleging that the reason they took it down today was that they could project that it would crash again. Certainly, if you tracked memory usage, it was running out of free memory very fast. (At 2-4MBytes/hr at the end.) The question is, given that they were leaking so unbelievably fast, why did they stay up, when W2K keeps crashing?

    The difference that allowed c.l.o to stay up was that Linux takes FTP pages from the normal heap. W2K, like all versions of NT, takes TCP pages from the NON-PAGED heap.

    This is a huge performance win. A basic rule of development for any memory-bound system is that a faster processor serves one purpose only...it gets you to your next page fault faster. So W2K doesn't page time-critical information, such as buffer owned by drivers for high-speed devices.

    (By the way, some other AC asked about the use of raw telnet in STREAMS-based Unix kernels. My guess is that is the same reason: once you move it into the kernel, performance isn't impaired by page faults. But I'm an NT geek, not a Unix guru, so I can't be sure.)

    Like all performance hacks, though, this one has a cost: the non-paged pool is kept as small as it possibly can be. After all, every locked page is a page that ordinary applications can't use (or, at least, shouldn't use.) Moreover, the NPP doesn't grow, and can't make use of virtual memory. (If you grow the NPP, then you risk taking a page to which another process was paging. As to why it can't use virtual memory...well, I'll leave it as an exercise for the reader. Remember, though, that it is the non-paged pool.)

    I'm betting that this is what is happening to W2K. Kepp in mind that it's been taking many thousands of bogus hits per second, and every one of those hits requires it to grab a tiny bit of non-paged memory. It becomes an elementary exercise in queueing theory to recognize that there exists a critical rate beyond which the queue of owned blocks will inevitably grow without bound. Since this implies that for any W2K machine, there exists a driving speed beyond which the machine will eventually run out of NPP, and halt hard.

    Ouch.

    Linux isn't out of the woods, though. I know how to build a fair, Mindcraft-style test which will devastate it, too. The thing to keep in mind is that this obtains for any computer with a TCP/IP stack with a finite servicing rate. Last I knew, that means any computer in existence. C.L.O was running out of memory while taking fewer than a quarter as many packets/second. To be sure, C.L.O wouldn't run out of memory as quickly as W2K did -- it had 160MBytes + swap -- but it, too, ran out of memory in a week. It would have run out exponentially faster if it had been at the end of a T1 line instead of an ISDN line. W2K has a 100MByte/sec. E-net card, and its at the end of a REALLY REALLY big pipe. How long would C.L.O. have lasted under those circumstances?

  • Perfmon info from 8/6/99 12:50pm
    Datagrams Received/sec Avg: 4518
    % Processor Time Avg: 30-47

    8/11/99 Events
    21:30 - There is so much traffic to the site that it is going to be difficult to get connections.

    Frames/sec 6,000
    Bytes/sec 400,000
    Datagrams Received/sec 2312
    Datagrams Sent/sec 3146
    % Processor Time 99

  • I thought Linux was supposed to be invincible!


    Common configuration doesn't limit the use of resources by simple users. But any Bofh admin would put limits on the number of processes the users can launch, and the RAM they can waste.
    --
  • I have a clear picture of where the linuxppc folks were coming from when dealing with the bandwidth usage. I access the internet through execpc, their service provider, and was forced to use another service temporarily as establishing connections grew impossible. tcpdump was also picking up more than it's fair share of really odd packets as well. I never thought a mere modem user could feel the heat of traffic upstream, but it was certainly felt. If Microsoft were really sure of their product, they would offer to host the linuxppc machine at this point.
  • I find it interesting that the DNS servers listed as authoritative for the windows2000test.com domain (man whois(1)) don't seem to respond anymore. Perhaps MS has also decided to back out, sneaking away like a misbehaved child who's been caught?
  • Like all performance hacks, though, this one has a cost: the non-paged pool is kept as small as it possibly can be. After all, every locked page is a page that ordinary applications can't use (or, at least, shouldn't use.) Moreover, the NPP doesn't grow, and can't make use of virtual memory. (If you grow the NPP, then you risk taking a page to which another process was paging. As to why it can't use virtual memory...well, I'll leave it as an exercise for the reader. Remember, though, that it is the non-paged pool.)

    I'm betting that this is what is happening to W2K. Kepp in mind that it's been taking many thousands of bogus hits per second, and every one of those hits requires it to grab a tiny bit of non-paged memory. It becomes an elementary exercise in queueing theory to recognize that there exists a critical rate beyond which the queue of owned blocks will inevitably grow without bound. Since this implies that for any W2K machine, there exists a driving speed beyond which the machine will eventually run out of NPP, and halt hard.

    Ouch.

    "An elementary exercise in queueing"... Is it just me, or is it also elementary to keep track of the relative value of each item being cache (or not paged out) and when the list is getting full, start throwing out the items at the bottom of the list, even if they'd normally be kept in a non-overworked machine?

    It might take a bit more work, but it sounds like one of those fairly obvious tweaks.

    Isn't this (talking about how not paging anything consumes all available ram) sort of like talking about nicing all processes to the same level and wondering why realtime apps like MP3s are skipping?

    But, I don't understand why you take it for granted that both OSes leaked memory. I mean, if I program of mine leaks memory under any conditions, I don't release it.

  • If like most of us you have a machine with finite resources (memory, swap space, kernel PID's, whatever) then it is possible to come up with a situation where you run out of them. Handling all possible situations of this kind is not a core responsibility of the kernel, working well in more common situations is.

    It is impossible to guarantee to defend against all possible DoS attacks while maintaining service to legitimate users (for the CS grads - Decidability, Halting Problem)

    In a real situation, web servers sit behind firewalls.

    Dave
  • Nope. None that I know of (and I have written a lot of javascript). Say what you will about javascript, and it certainly does suck to code in, but AFAIK, there's no way to make it execute something like a BO installer even if it were sitting on the local machine already. Now maybe you could make it look at the host, do the check, and have it try to fetch the installer from a remote host. But the user would be prompted for a "save as" unless there's some kind of autoexecute mime type. Y'know, this was supposed to be a "no way" answer, but now that I think about it more, Jesus, there could concievably be such a MIME type in windows world.

    MIMEType: application/x-totally-insecure
    Action: Run immediately

    Regardless, I think they now filter all html tags out (and by "now" I mean "those brief intevals when the box is actually up")
    ----------------------
    "This moon-cheese will make me very rich! Very rich indeed!

  • Actually, it's probably the off by one error which meant that linux didn't realize it was running out. (Fixed in 2.2.11, but a couple of memory leaks introduced - one in the rtl8129/8139 driver and another in the tcp code).
  • MIMEType: application/x-totally-insecure
    Action: Run immediately
    Doesn't that get damn near the default for CraptiveX?
    --

  • Re:W2k? ...from the W2K status page... (Score:3)

    by Sun Tzu ( 41522 ) on Thursday August 12, 1999 @01:35PM (#1748823) Homepage Journal
    8/12/99 Events

    12:00 We are still trying to find the right configuration to handle the combination of legitimate connection requests and the flood of attack packets. The new TCPIP stack has a couple of different configuration values that affect how it responds. Yes, we will be publishing exactly how this server is configured.

    8:00 The server crashed again this morning. In the same part of the TCPIP stack as before. The TCPIP stack is still having difficulty with a prolonged attack. We are going to try some different configurations and see if we can bump up the connection rate.

    Configuration
    500MHz Pentium III with 256mb of RAM.
  • mm.. spelling on the site might have been improved.... just a thought

  • They offered up the challenge of cracking into their box, not anybody else's. Granted it is an obvious approach to attack another system first, but it is neither legal nor the point of the contest. The contest was to find an inherent weakness in their configuration of a specific box, not find a weakness in their network as a whole or in other boxes on that network.

    ---

  • so i'm still not clear: it didn't ever really get cracked, then?

    and what exactly was this that Omar Shenker accomplished?

    thanks

  • Actually, it depends...

    If the box was a PPC box, yeah Windows would fail first.

    If you put LinuxPPC on a P2 450 though...
  • That's not a reasonable analogy, b/c the cause of the hang is a configuration issue, not a bug. You could argue that they should of expected the extreme loads they got, but in their defense you would think that people would have known better than to try a ping flood as an "exploit". Even folks who've never cracked anything more than a can of beer (like me =) ) ought to know better than that...

  • sigh. (Score:1)

    by Dolio ( 41575 )
    all I can say is, thanx for the ride.
    it was fun, and many of us could still
    use the machine ;) too bad about the
    memory thing, big nod on the swap space
    situation. It can be the difference
    between breaking early, (as it were)
    and grinding on through the insanity.
    maybe y2k just needed more ram all this time :P

    just wanted to point out that as the y2k is beta,
    Linux is under constant revision,
    not a flaw, but an advantage, me thinks.

    Peace
    Dolio
  • Not reading the manual is a sin.

    man limit

    NAME
    limit, ulimit, unlimit - set or get limitations on the sys-
    tem resources available to the current shell and its descen-
    dents
    ....
  • No, it was never broken into..

    All Omar did was submit a better looking set of pages to the person running the contest. What the person originally meant was similar to if you break in, change the page to something better please.

    Sort of like saying "Just add yourself to /etc/passwd and make a home directory"
  • He's gone the closest (pretty darn close - for my money) to date.

    Since they have effectively pulled the plug on the experiment prematurely for reasons they really should have anticipated from the outset they should now cough up the goods!!!
  • I'm curious as to whether www.windows2000test.com and crack.linuxppc.org were under similar loads.

    If the W2K box was getting 500 times the amount of traffic or something, it stands to reason that it would go down more often, quite aside from the relative stability of W2K vs. LinuxPPC; on the other hand, if the loads were similar, then this is a slam-dunk result in favor of Linux with regard to stability.

    Either way, of course, it doesn't prove anything about the relative security of the OSes.
  • I did a fork bomb as a user once on my box and I got tired of waiting for it to crash, but when I came home from work 12 hours later, it was dead and not pingable. It was an older development kernel, but I'm wondering how Linux withstands these attacks currently. Anyone tried? I'd hate to kill my uptime...

Slashdot Top Deals

If you want to put yourself on the map, publish your own map.

Close